[SOLVED] Access Proxmox via Nginx Reverse proxy

Flaxe

Active Member
Feb 24, 2017
11
1
43
Hi,

I can't get my reverse proxy to work in order to access Proxmox via http(s)://domain.name/proxmox.
However, if I edit the configuration "location /proxmox" to "location /" then I can access it via http(s)://domain.name/, but I'd rather use /proxmox instead of having it at the "root".

I have other reverse proxies setup the same way, but in most of these applications I've been able to set "URL Base", so I assume this is what is needed to do in Proxmox as well but I'm not able to find such an option. Or is it possible to configure Nginx with a RequestHeader somehow?

Nginx configuration:
Code:
server {
    listen 443 ssl;
    server_name domain.name;
    ssl on;

    location /proxmox {
        proxy_pass http(s)://10.10.10.5:8006;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Enable proxy websockets for the noVNC console to work
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

Note: I'm not able to post with real URL's because I'm a new member, so http(s) actually means https.

Thanks
 
I have not tested accessing Proxmox through a reverse proxy subdirectory.
Though, a subdomain should also work if that is acceptable for you.

Code:
Code:
server {
    listen 443 ssl;
    server_name subdomain.example.com;

    location / {
        proxy_pass https://10.10.10.5:8006;
        proxy_set_header Host $host;
    }
}
 
  • Like
Reactions: Flaxe
Thanks AaronWalker, I got it working with a subdomain - so now I can access proxmox with subdomain.example.com and my other services as example.com/service. I assume using a subdomain is the only option for Proxmox, so I'll go with this solution for now :) Thanks again.
 
Thanks AaronWalker, I got it working with a subdomain - so now I can access proxmox with subdomain.example.com and my other services as example.com/service. I assume using a subdomain is the only option for Proxmox, so I'll go with this solution for now :) Thanks again.
Found this thread also trying to setup with a sub-directory, but im open to using a subdomain as well. How did authentication play out for you when setup a subdomain? Does it just default to proxmox's regular form authentication? Did you have to add some type of http auth?

I also have an SLL cert for my domain that is not a wildcard cert, so it wouldn't work for a subdomain. Do you think I'd run into any issue using LetsEncrypt to generate a subdomain-specific cert, that would run behind my other domain cert?
 
Found this thread also trying to setup with a sub-directory, but im open to using a subdomain as well. How did authentication play out for you when setup a subdomain? Does it just default to proxmox's regular form authentication? Did you have to add some type of http auth?

I also have an SLL cert for my domain that is not a wildcard cert, so it wouldn't work for a subdomain. Do you think I'd run into any issue using LetsEncrypt to generate a subdomain-specific cert, that would run behind my other domain cert?
Authentication is not affected.
SSL certification works just like any other website.
 
I've a ReverseProxy container with Nginx.
I try this config :
Code:
upstream proxmox {
   server ReverseProxy;
}

server {
   listen 80 default_server;
   rewrite ^(.*) htt ps://$host$1 permanent;
}

server {
   listen 443;
   server_name xxx.ddns.net;
   ssl on;
   ssl_certificate /etc/pve/local/pve-ssl.pem;
   ssl_certificate_key /etc/pve/local/pve-ssl.key;
   proxy_redirect off;
   location /proxmox {
       proxy_http_version 1.1;
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";
       proxy_pass htt ps://192.168.0.15:8006;
   proxy_buffering off;
   client_max_body_size 0;
   proxy_connect_timeout  3600s;
       proxy_read_timeout  3600s;
       proxy_send_timeout  3600s;
       send_timeout  3600s;
   }
}

But I've 502 issue
 
I want to re-ask the question:

Did someone managed to use the Webinterface in a Subdirectory via Reverse Proxy?

Is that possible or is that something that is never done and maybe not supported by proxmox?
 
Here's my current Proxmox relevant Nginx configuration, which is working perfectly fine for me. There might be something in here that's not completely necessary, but it does the job for me.

Code:
server {
    listen 80;
    server_name pve.domain.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name pve.domain.com;
    ssl on;
    ssl_certificate /etc/nginx/certs/*.domain.com/fullchain;
    ssl_certificate_key /etc/nginx/certs/*.domain.com/key;

    add_header Allow "GET, POST, HEAD, PUT, DELETE" always;
    if ($request_method !~ ^(GET|POST|HEAD|PUT|DELETE)$) {
        return 405;
    }

    location / {
        proxy_pass https://10.10.10.5:8006;

        # Disable buffering to serve data immediately to clients.
        # Increase timeouts from default 60 seconds to 5 minutes for the console not to close when no data is transferred.
        # Additionally the max_body_size was increased to 5 GB to allow uploads of huge ISOs via the Web UI.
        proxy_buffering off;
        proxy_buffer_size 4k;
        client_max_body_size 5g;
        proxy_connect_timeout 300s;
        proxy_read_timeout 300s;
        proxy_send_timeout 300s;
        send_timeout 300s;

        # Enable proxy websockets for the noVNC console to work
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Standard proxying headers
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      
        # SSL proxying headers
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Ssl on;
    }
}
 
Here's my current Proxmox relevant Nginx configuration, which is working perfectly fine for me. There might be something in here that's not completely necessary, but it does the job for me.

Code:
server {
    listen 80;
    server_name pve.domain.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name pve.domain.com;
    ssl on;
    ssl_certificate /etc/nginx/certs/*.domain.com/fullchain;
    ssl_certificate_key /etc/nginx/certs/*.domain.com/key;

    add_header Allow "GET, POST, HEAD, PUT, DELETE" always;
    if ($request_method !~ ^(GET|POST|HEAD|PUT|DELETE)$) {
        return 405;
    }

    location / {
        proxy_pass https://10.10.10.5:8006;

        # Disable buffering to serve data immediately to clients.
        # Increase timeouts from default 60 seconds to 5 minutes for the console not to close when no data is transferred.
        # Additionally the max_body_size was increased to 5 GB to allow uploads of huge ISOs via the Web UI.
        proxy_buffering off;
        proxy_buffer_size 4k;
        client_max_body_size 5g;
        proxy_connect_timeout 300s;
        proxy_read_timeout 300s;
        proxy_send_timeout 300s;
        send_timeout 300s;

        # Enable proxy websockets for the noVNC console to work
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Standard proxying headers
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     
        # SSL proxying headers
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Ssl on;
    }
}
Which configuration is inside which nginx folder?
 
Which configuration is inside which nginx folder?
Not sure exactly what you mean, but all of that configuration is placed in the file: /etc/nginx/conf.d/pve.domain.com.conf
My /etc/nginx/nginx.conf is setup to include all *.conf files located in the /etc/nginx/conf.d/ folder:
Code:
cat /etc/nginx/nginx.conf
<snip>
# Includes virtual hosts configs.
include /etc/nginx/conf.d/*.conf;
<snip>